package com.lixueju.security.box.web.server;

import com.lixueju.security.box.core.properties.SecurityBoxConstants;
import com.lixueju.security.box.core.properties.SecurityBoxProperties;
import com.lixueju.security.box.validate.code.ValidateCodeSecurityConfig;
import com.lixueju.security.box.web.authentication.SecurityBoxAuthenticationSecurityConfig;
import com.lixueju.security.box.web.exeption.CustomAccessDeniedHandler;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.method.configuration.EnableGlobalMethodSecurity;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.oauth2.config.annotation.web.configuration.EnableResourceServer;
import org.springframework.security.oauth2.config.annotation.web.configuration.ResourceServerConfigurerAdapter;
import org.springframework.security.oauth2.config.annotation.web.configurers.ResourceServerSecurityConfigurer;
import org.springframework.security.web.access.AccessDeniedHandler;

/**
 * @author lixueju
 * @since 2019/11/7 9:29
 **/
@Configuration
@EnableResourceServer
@EnableGlobalMethodSecurity(prePostEnabled = true, securedEnabled = true)//激活方法上的PreAuthorize注解
public class SecurityBoxResourceServerConfig extends ResourceServerConfigurerAdapter {

    @Autowired
    private SecurityBoxAuthenticationSecurityConfig securityBoxAuthenticationSecurityConfig;

    @Autowired
    private SecurityBoxProperties securityBoxProperties;

    @Autowired
    private ValidateCodeSecurityConfig validateCodeSecurityConfig;

    @Override
    public void configure(HttpSecurity http) throws Exception {
        String[] openUrls = null;
        if (SecurityBoxConstants.DEFAULT_LOGIN_PROCESSING_URL.equals(securityBoxProperties.getOpenUrl())) {
            openUrls = new String[1];
            openUrls[0] = SecurityBoxConstants.DEFAULT_LOGIN_PROCESSING_URL;
        } else {
            String[] split = securityBoxProperties.getOpenUrl().split(";");
            openUrls = new String[split.length + 2];
            for (int i = 0; i < split.length; i++) {
                openUrls[i] = split[i];
            }
            openUrls[split.length] = SecurityBoxConstants.DEFAULT_LOGIN_PROCESSING_URL;
            openUrls[split.length + 1] = SecurityBoxConstants.DEFAULT_VALIDATE_CODE_URL_PREFIX + "/**";
        }
        http.apply(validateCodeSecurityConfig).and().apply(securityBoxAuthenticationSecurityConfig).and()
                .authorizeRequests().antMatchers(openUrls).permitAll()
                .anyRequest().authenticated()
                .and()
                .csrf().disable().exceptionHandling().accessDeniedHandler(new CustomAccessDeniedHandler());
    }

    @Override
    public void configure(ResourceServerSecurityConfigurer resource) throws Exception {
        //这里把自定义异常加进去
        //resource.authenticationEntryPoint(new AuthExceptionEntryPoint());
        resource.authenticationEntryPoint(new SecurityBoxOAuth2AuthenticationEntryPoint());
    }
}
